The pkgx.dev thing was doing the rounds yesterday and today, and it turns out that it's related to something else I've seen this week, which is tea.xyz, which tries to incentivise FOSS contributions with magic beans cryptocurrency.
Anyway, it turns out that if you make that incentive, you also make an incentive for spammy PRs and hamfisted attempts to fork and typosquat known packages to get some of those magic beans based on hopefully tricking people into installing your fork rather than the upstream.
At least the crates.io typosquatting detection seems to be doing its job. 😬
(hat tips to @web3isgreat and @molly0xfff)